In an age where providers are increasingly taking the management of their patient’s health online and out of the doctor’s office, the creation of scalable and nimble patient engagement tools can serve to improve patient experience, health care outcomes and health care costs. While the level of enthusiasm for these tools is at an all-time high, there is a growing concern about the unexpected deterrent to the adoption of these tools from an unlikely source: the Telephone Consumer Protection Act of 1991 (TCPA).

Many professionals in the health industry have come to share two misconceptions about the TCPA: first, that the TCPA only applies to marketing phone calls or text message “spam,” and second, that the TCPA does not apply to communications from HIPAA covered entities to their patients/health plan members. These misconceptions can be costly mistakes for covered entities that have designed their patient engagement outreach programs without include a TCPA compliance strategy.

Compliance Challenges

As discussed in a previous post, the TCPA was originally intended to curb abusive telemarketing calls. When applying the law to smarter and increasingly innovative technologies (especially those that we see in the patient engagement world), the TCPA poses significant compliance challenges for the users of these tools that arguably threaten to curb meaningful progress on important public health and policy goals.

Despite its initial scope of addressing robocalls, the TCPA also applies to many automated communications between health care providers and their patients, and between plans and their members. There is a diverse array of technical consent requirements that apply depending on what type of phone call you make. For instance, most auto-dialed marketing calls to cell phones require prior express written consent, meaning that the caller must first obtain written consent before making the call. To make compliance more compliance, callers remain responsible for proving consent and the accuracy of the numbers dialed.

Indeed, the TCPA presents a serious challenge for patient engagement tools, especially when violations of the TCPA can yield statutory damages of up to $1,500 per call or text message. While Federal Communications Commission orders over the past several years have added some clarity and a “safe harbor” for HIPAA-covered entities to help entities achieve compliance, there is still no “free pass” from the TCPA’s requirements. Therefore, covered entities and the business associates who work for them should not assume that compliance with HIPAA offers any security of defense against a successful claim under the TCPA.

Continue Reading The TCPA: An Unexpected Deterrent to Patient Engagement Tools

Radio and television stations, as well as their audiences, have reason to celebrate. Last week, the Federal Communications Commission (FCC) announced significant updates to its regulations regarding the disclosure of material terms associated with promotional contests and sweepstakes conducted by television and radio broadcast stations. Since 1976, Section 73.1216 of the FCC rules (the Contest Rule) required broadcast stations that advertised its contests and sweepstakes to the general public to disclose the material terms on air. These on-air disclosures typically have taken the form of very rapidly recited terms at the end of the broadcast announcing the contest or extremely small print found at the bottom of the television screen.  In an attempt to give broadcasters more flexibility in meeting their disclosure obligations and adapt to changing consumer expectations in the Internet Age, the FCC has updated the Contest Rule to allow broadcast stations to disclose material contest and sweepstakes terms on a readily accessible public website.

Under the revised Contest Rule, television and radio broadcasters that choose to disclose material terms of contests and sweepstakes through a website must do the following:

  • Provide the terms on a “publically accessible” website (i.e., designed to be available to public 24/7, free of charge, with no registration requirement);
  • Broadcast the relevant website address periodically on air, providing sufficient information for a consumer to find the terms easily. Broadcasters can meeting this requirement by mechanically reciting the website address as it appears in a browser (e.g., http-colon-backslash, etc.”) or using simple instructions (e.g., “for contest rules go to kxyz.com and then click on the contest tab);
  • Provide a conspicuous link or tab on the broadcaster’s home page, labeled in a way that makes clear its relation to contest or sweepstakes information;
  • Maintain the material terms on the website for at least 30 days after the contest or sweepstakes has ended;
  • Where the material terms of contest has changed, announce that the terms have changed on air within 24 hours and periodically thereafter, and direct participants to the website to review the changes;
  • Ensure that the material terms disclosed on the website conform in all substantive respects to the contest or sweepstakes terms broadcast over the air.

While discussing the updated regulations, the FCC affirmed its commitment to the core principles of the Contest Rule and reminded broadcasters that regardless of the medium of disclosure, broadcasters must provide complete, accurate and timely information about the contests they conduct, ensure that such information is not false, misleading or deceptive, and conduct their contests substantially as announced or advertised.

The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (Framework) almost 15 months ago and charged critical infrastructure companies within the United States to improve their cybersecurity posture. Without question, the Framework has sparked a national conversation about cybersecurity and the controls necessary to improve it.  With regulators embracing the Framework, industry will want to take note that a “voluntary” standard may evolve into a de facto mandatory standard.”

Read the full On the Subject on the NIST Cybersecurity Framework on the McDermott website.

Thursday, April 30, 2015, marks the last day a business can request a retroactive waiver for failing to comply with certain fax advertising requirements promulgated by the Federal Communications Commission (FCC). The scope of these requirements was clarified on October 30, 2014, when the FCC issued an Order (2014 Order) under the Junk Fax Prevention Act of 2005 (Junk Fax Act). The 2014 Order confirms that senders of all advertising faxes must include information that allows recipients to opt out of receiving future faxes from that sender.

The 2014 Order clarifies certain aspects of the FCC’s 2006 Order under the Junk Fax Act (the Junk Fax Order). Among other requirements, the Junk Fax Order established the requirement that the sender of an advertising fax provide notice and contact information that allows a recipient to “opt out” of any future fax advertising transmissions.

Following the FCC’s publication of the Junk Fax Order, some businesses interpreted the opt-out requirements as not applying to advertising faxes sent with the recipient’s prior express permission (based on footnote 154 in the Junk Fax Order). The 2014 Order provided a six-month period for senders to comply with the opt-out requirements of the Junk Fax Order for faxes sent with the recipient’s prior express permission and to request retroactive relief for failing to comply. The six-month period ends on April 30, 2015. Without a waiver, the FCC noted that “any past or future failure to comply could subject entities to enforcement sanctions, including potential fines and forfeitures, and to private litigation.”

For more information about the Junk Fax Act in general, or the waiver request process in particular, please contact Julia Jacobson or Matt Turnell.

A recent ruling by the Ninth Circuit took an expansive view of vicarious liability under the Telephone Consumer Protection Act (TCPA).  Reversing the district court’s grant of summary judgment, the court in Gomez v. Campbell held that a marketing consultant could be held liable for text messages sent in violation of the TCPA, even though the marketing consultant itself had not sent the texts and even though the texts were sent on behalf of the marketing consultant’s client, not the consultant itself.

Among other things, the TCPA prohibits (with certain exceptions) the use of automatic telephone dialing systems in making calls to cellphones.  Both the Federal Communications Commission (FCC) and the courts have interpreted this provision to bar the use of automated systems to send unsolicited texts to cellphones.  In Gomez, the Campbell-Ewald Company had been hired by the Navy to conduct a multimedia recruiting campaign.  Campbell-Ewald had then outsourced the text-messaging component of the campaign to a third party, Mindmatics.  Mindmatics then allegedly sent text messages to the plaintiff and others who had not given consent.

On appeal, Campbell-Ewald raised two variations of the arguments that it should not be held liable for texts that it had not itself sent.  First, Campbell-Ewald argued that it did not “make” or “initiate” any calls under the TCPA because Mindmatics had sent the texts.  As the statue only provides for liability for those that “make” or “initiate” prohibited calls, Campbell-Ewald argued that it could not be held liable.  Second, addressing another potential avenue of liability, Campbell-Ewald noted that the FCC had interpreted the TCPA to allow for liability against those “on whose behalf” unsolicited calls are made.  But, Campbell-Ewald argued, it could not be held liable on this ground either because the texts had been sent on behalf of its client, the Navy, not Campbell-Ewald.

In the end, the Ninth Circuit sidestepped both these arguments and found Campbell-Ewald potentially liable on a third basis, “ordinary tort-related vicarious liability rules.”  The court noted that where a statute is silent on vicarious liability—as the court judged the TCPA to be—traditional common law standards of vicarious liability apply.  Thus, the court held, Campbell-Ewald could be liable under the TCPA based on the agency relationship between Campbell-Ewald and Mindmatics.  The court further noted that FCC had stated that the TCPA imposes liability “under federal common law principles of agency,” and held that the FCC’s interpretation was entitled to deference.

Finally, the court noted that it made little sense to subject both the actual sender and the ultimate client to liability, while absolving the middleman marketing consultant, noting, “a merchant presumably hires a consultant in party due to its experience in marketing norms.”

The decision reinforces the importance for companies to closely monitor anyone sending texts or placing calls on their behalf or at their direction.  Following Gomez, it is clear that any company that had a role in sending unsolicited calls or texts can potentially be held liable under the TCPA; and the company with the deepest pockets usually becomes the target, no matter home minimal its role in the alleged violation.

The Federal Communications Commission (FCC)’s Report and Order 12-21 (Order 12-21), issued in February 2012, describes revised telemarketing rules that became effective during the past 12 months.

The FCC’s telemarketing rules are issued under the Telephone Consumer Protection Act (TCPA) and apply to a telephone call to a residential landline or wireless number or a text message that is initiated for advertising or telemarketing purposes and uses an “automatic telephone dialer system” (ATDS) or an “artificial or prerecorded” voice message.

The three major changes implemented during the past year are:

(i) Abandoned calls rule effective November 16, 2012: Telemarketers must ensure that no more than three percent of calls answered by a person are “abandoned” (i.e., not answered by the telemarketer within two (2) seconds after the called person answers) during a 30-day calling campaign period;

(ii) Opt-out mechanism effective January 14, 2013: Artificial or prerecorded telemarketing messages must include an automated, interactive mechanism that enables the called person to opt out of receiving future prerecorded messages; and

(iii) Prior express written consent rule effective October 16, 2013: “Prior express written consent” (as described below) of the called person is required[i] for:

  • telemarketing calls to a wireless telephone number when an artificial or prerecorded message or ATDS is used;
  • telemarketing text messages sent using an ATDS; or
  • telemarketing calls to a residential landline telephone number using an artificial or prerecorded message.

“Prior express written consent” means a written agreement signed by the called person that clearly authorizes delivery of advertising or telemarketing messages using an ATDS or an artificial or prerecorded voice message and clearly states that agreeing is not a condition of buying any product or service.  A written agreement may be “signed” electronically using any method recognized under the federal Electronic Signatures in Global and National Commerce Act (E-SIGN Act) or applicable state contract law.  The E-SIGN Act recognizes a signature as an “electronic sound, symbol or process” that is “attached or logically associated with” an agreement and “adopted by a person with the intent to sign.”

Although industry standards have required express opt-in consent for recurring text messaging programs prior to implementation of the FCC’s prior express written consent rule, consent obtained under the old regulatory framework is not sufficient under the new FCC consent rule because (among other requirements) the “agreement” to which the consumer consents (i) must include reference to use of automated technology and (ii) “must be obtained without requiring, directly or indirectly, that the agreement be executed as a condition of purchasing any good or service.”

Action Step for Marketers: Obtain New Opt-in Consent for Telemarketing and Mobile Marketing

Obtaining new opt-in consent consistent with the requirements of the new FCC consent rule is best practice because the sender bears the burden of proving that it has obtained prior express written consent that meets the FCC standards.  Relatedly, implementation of a record-keeping system through which evidence of compliant consent is retained for at least three years (i.e., the statute of limitations for contract claims) after the consumer opts out or after sending the last text message related to the consumer consent.

Read “Part 1:  Children’s Online Privacy Protection Act Amendments.”


[i] The FCC does not require prior express written consent for non-telemarketing calls and health-care-related calls subject to the Health Insurance Portability and Accountability Act (HIPAA) that are made to residential lines but prior express consent is required for such calls or text messages made/sent to wireless telephone numbers.